Posts Tagged ‘IT compliance’

People Need Periodic, Effective, Training And Ongoing Awareness To Truly Safeguard Information

Friday, July 25th, 2008

Imagine this; what if you were given training just one time, in a 1-hour session with no hands-on practice, for how to do first aid and give CPR and then were never given more training or reminders about how to do first aid and CPR…two years later would you be able to competently perform first aid when someone needed it? Probably not. Probably not even 1 year later, or even 6 months later.
People need to have regularly scheduled training and ongoing awareness in how to do activities competently. You cannot expect to give a 1-hour, often poorly-constructed, training course about information security or privacy and the have the people taking the training know what to do weeks or months or even yeas later. However, this is the situation that occurs in a very large portion of organizations.
It is no wonder that the majority of security incidents and privacy breaches occur as a result of lack of knowledge and mistakes.
Here is the third part of the third article, “Providing Call Centers with Information Security and Privacy Education,” in my July issue of IT Compliance in Realtime, that speaks to this issue…

(more…)

Call Center Folks Have Huge Amounts Of Access TO PII

Thursday, July 24th, 2008

Need more reasons from my post from yesterday about why call centers need targeted training and ongoing awareness?
If so, then here is the second part of the third article, “Providing Call Centers with Information Security and Privacy Education,” in my July issue of IT Compliance in Realtime

(more…)

The Area With The Most Customer Contact Usually Has The Least Information Security and Privacy Training

Wednesday, July 23rd, 2008

Think for a few moments about the area in your company that has the most, or close to the most, direct contact with your customers and consumers…

(more…)

Are You Providing Targeted Training For IT Personnel?

Tuesday, July 22nd, 2008

If I’ve said it once, I’ve said it a million times, but I’ll say it again…
Providing general information security and privacy training to all personnel is good, and should be done! However, you ALSO need to provide targeted training, and ongoing awareness communications, to different groups throughout your organization based upon their job responsibilities that involve information assets and personally identifiable information (PII).

(more…)

“Cyber Security in the Three Times: Past, Present, & Future”

Monday, July 21st, 2008

Here is a very interesting-looking online seminar…FREE…looks worth checking out…

(more…)

First HIPAA Sanction Applied! $100,000 + Required Actions

Friday, July 18th, 2008

My jaw almost dropped early this morning when I saw the press release from the HHS yesterday, “HHS, Providence Health & Services Agree on Corrective Action Plan to Protect Health Information
Is it about time the HHS actually enforced HIPAA? Yes!
Without applied sanctions for noncompliance, laws and regulations are meaningless and ineffective.
I’m going to look at the Resolution Agreement closely and comment on that soon…in the meantime here is the full press release:

(more…)

Insider Threat Example: San Fran IT Employee Exploits Poor Security Practices

Thursday, July 17th, 2008

Okay, why would a large city like San Francisco make such a silly, preventable mistake like allowing one employee to be able to establish a super user type of account and then lock everyone else out of the government network?
Hacker Holds Key to City’s Network: An Alleged Hacker Won’t Reveal Secret Password to Unlock San Francisco’s Network

(more…)

Organizations of All Sizes Need IT Security & Privacy Training

Thursday, July 17th, 2008

Many organizations create broadly scoped information security training for all their personnel to take, but too few create targeted training for groups that need to have specialized knowledge for certain topics. Different departments within an organization handle different types of information, and have different types of contact with business partners, customers and other employees. So doesn’t it make sense that the payroll folks would need training specific for their job responsibilities, and sales folks would need training specific to their responsibilities that are are very different from the payroll folks, and so on?
According to the U.S. Census Bureau, small businesses employ more than half of all Americans. Very few small and medium sized businesses (SMBs) have specialized IT staff; most of the owners or personnel take on the day-to-day IT tasks themselves, operating on a wing and a prayer that nothing will go wrong. These huge numbers of folks within SMBs are also taking care of the IT security and privacy activities…hopefully.

(more…)

Organizations of All Sizes Need IT Security & Privacy Training

Thursday, July 17th, 2008

Many organizations create broadly scoped information security training for all their personnel to take, but too few create targeted training for groups that need to have specialized knowledge for certain topics. Different departments within an organization handle different types of information, and have different types of contact with business partners, customers and other employees. So doesn’t it make sense that the payroll folks would need training specific for their job responsibilities, and sales folks would need training specific to their responsibilities that are are very different from the payroll folks, and so on? Also, legal requirements those in various industries need specialized training. For example, those in the healthcare space in the U.S. need HIPAA training.
According to the U.S. Census Bureau, small businesses employ more than half of all Americans. Very few small and medium sized businesses (SMBs) have specialized IT staff; most of the owners or personnel take on the day-to-day IT tasks themselves, operating on a wing and a prayer that nothing will go wrong. These huge numbers of folks within SMBs are also taking care of the IT security and privacy activities…hopefully.

(more…)

Get Involved With The 4th Annual Global Security Week!

Wednesday, July 16th, 2008

For the past couple of years I’ve been involved with a fantastic group of people who have put their passion, time and resources into helping raise awareness of security issues throughout the world. Dr. Gary Hinson and Brian Honan in particular have invested literally hundreds (perhaps thousands?) of hours into Global Security Week throughout the past four years.

(more…)